Since the shoddy launch of healthcare.gov in 2010, cyberattacks on Americans’ health records has risen “exponentially,” a Government Accountability Office report shows.

According to the GAO, the use of digital records allows healthcare providers to more easily share information and allow patients better access to their health data, among other advantages. However, the networks storing and sending health information in a digital format are “vulnerable to cyber-based threats. The resulting breaches—involving over 113 million records in 2015.”

In 2009, the number was far less with only 135,000 records breached. The number of reported hacks and breaches impacting data of at least 500 people spiked from zero in 2009 to 56 in 2015, which is nearly double from two years ago.

GAO Graph Of Cyberattacks On Healthcare Records 2009-1015

“The magnitude of the threat against health care information has grown exponentially,” GAO said, citing a 2015 study by the KPMG accounting firm.

Additionally, threat actors could tamper with digital health IT systems “to cause disruptions in the medical community. For example, a threat actor could access and manipulate health records in an attempt to harm patients or disrupt health care operations at a medical facility (for example, by changing patient prescriptions),” GAO reported.

A provision in the Affordable Care Act requires medical providers to change from paper patient records to digital records as a means to reduce costs and improve care, but some warned that patients’ privacy would be at risk.

“The thing I worry about is not that we are doing it, but that we’re doing it without the right safeguards,” Lee Tien, a senior staff attorney with the Electronic Frontier Foundation, told Fox News in 2013. “We have been giving (medical providers) incentives to move into the electronic-health-records era. But we haven’t been giving them enough guidance on how they’re supposed to do it.”

Back in 2015, Anthem, the largest for-profit managed health care company in the Blue Cross and Blue Shield Association, had a large data breach. Although The Centers for Medicare and Medicaid Services (CMS), which provides oversight to the websites HealthCare.gov and Medicare.gov, claimed federal government networks were not impacted by the breach, The Hill reported. The unprecedented large scale attack exposed the personal data of up to 80 million customers.

“We’re not talking with healthcare organizations as standalone entities anymore,” said Christopher Budd, a security expert with TrendMicro told The Hill. “They’re interconnected.” He added, “Those are basically roadways that attackers could be using.”